CVE-2018-5448
All versions of the Medtronic 2090 Carelink Programmer are affected by a directory traversal vulnerability where the product’s software deployment network could allow an attacker to read files on the system. Date published :...
All versions of the Medtronic 2090 Carelink Programmer are affected by a per-product username and password that is stored in a recoverable format which could allow an attacker with physical access to a 2090...
Stack-based buffer overflow in the delayed_output function in music.c in abcm2ps through 8.13.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. Date published : 2018-05-04...
The Tagregator plugin 0.6 for WordPress has stored XSS via the title field in an Add New action. Date published : 2018-05-04 https://www.exploit-db.com/exploits/45225/ https://pastebin.com/ZGr5tyP2
An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a ‘staticGet’ parameter to the ‘/userfs/bin/tcapi’ binary (in the Diagnostics component) using the ‘staticGet ‘...
An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a ‘commit’ parameter to the ‘/userfs/bin/tcapi’ binary (in the Diagnostics component) using the ‘commit ‘...
An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a ‘show’ parameter to the ‘/userfs/bin/tcapi’ binary (in the Diagnostics component) using the ‘show ‘...
An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as an ‘unset’ parameter to the ‘/userfs/bin/tcapi’ binary (in the Diagnostics component) using the ‘unset ‘...
An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a ‘get’ parameter to the ‘/userfs/bin/tcapi’ binary (in the Diagnostics component) using the ‘get ‘...
Axublog 1.1.0 allows remote code execution, as demonstrated by injection of PHP code (contained in the webkeywords parameter) into the cmsconfig.php file. Date published : 2018-05-04 https://github.com/axublog/axublog/issues/1
An issue was discovered in Shanghai 2345 Security Guard 3.7.0. 2345MPCSafe.exe allows local users to bypass intended process protections, and consequently terminate a process, because WM_SYSCOMMAND is not properly considered. Date published : 2018-05-04 https://github.com/rebol0x6c/2345_wm_syscommand
There is a heap-based buffer over-read in the function ft_font_face_hash of gxps-fonts.c in libgxps through 0.3.0. A crafted input will lead to a remote denial of service attack. Date published : 2018-05-04 https://bugzilla.redhat.com/show_bug.cgi?id=1574844 https://access.redhat.com/errata/RHBA-2019:0327
** DISPUTED ** A stored XSS vulnerability was found in Datenstrom Yellow 0.7.3 via an "Edit page" action. NOTE: the vendor disputes the relevance of this report because an installation accessible to untrusted users...
A vulnerability in Sierra Wireless AirLink GX400, GX440, ES440, and LS300 routers with firmware before 4.4.7 and GX450, ES450, RV50, RV50X, MP70, and MP70E routers with firmware before 4.9.3 could allow an unauthenticated remote...